Tag: identity

Since the Internet Identity Workshop (IIW11) last week, I’ve been reflecting on how far we’ve come – and how far we still have to go.

My Google ID, Yahoo ID, Facebook ID, and even my own domain’s OpenID can all be used to create and maintain accounts around the internet. Many services also have connections between them, allowing my Flickr photos to show up on Facebook and Google Buzz and making every post to my blog show up as a tweet @dariusdunlap.

Unfortunately, this is still all too complicated, but it is getting better all the time. Many people are working on the problems, and at IIW they are all sharing results, ideas, and making new plans. For example, the Google security team presented their excellent research on user interface for shared IDs and subsequently released impressive documentation of their work.

Today (well, yesterday if you are living in Europe like me) Google released a demo site – it is a store – and accompanying material like videos, tutorials, and best practices that provide detailed explanations on how to become a relying party, match an existing user base with OpenID, and much more. Eric Sachs, product manager, Google Security, announced this on the OpenID mailing list today.

?Behind all this are serious concerns about privacy and data ownership. The kerfuffle between Google and Facebook over contact data sharing is just one very visible corner of this iceberg. Although Facebook is more open than ever, their stance is more than a little disingenuous.

Suffice to say, you cannot bring your Facebook contacts into Gmail, as you can with Yahoo and Microsoft. Thus, the issue clearly isn’t that Facebook doesn’t think you have the right to mass export emails. It seems that Facebook simply doesn’t want you to mass export them into Google — not unless, I suppose, it gets a business deal with Google. And if it doesn’t want to do a deal, then those emails don’t get to go. They aren’t yours. They belong to Facebook, and can only be exported to the business partners that Facebook agrees with.

The internet works because it is an open platform. Nobody has to ask permission to create the next Facebook, the next Google or Yahoo!, or (more likely) something completely new. The people and organizations at IIW are working together to define how the internet handles identity and the related aspects of security and data ownership, including links between people and connections between services. All the biggest organizations are represented, including Facebook and Google.

This underlying open platform for identity and control of personal information is still being formed. There is much to be done before this all “just works” the way email does – but that’s exactly what needs to happen.

This is a sophisticated crowd at the Internet Identity Workshop, full of people who are very aware of the issues around identity, security, and privacy.

Joe Andrieu is showing his brilliant and simple tool “I Shared What?!?”. Login at http://isharedwhat.com/ and see what gets shared with apps on Facebook when you allow them access to your account. Just go through the signup and permission process as with any faceook app, and then use the tabs on the right side to see all the information you’ve shared. You can even change the sharing permissions and explore the changes.

Here’s what it looks like… (I chopped off all the juicy stuff below. Go look at your own!)

Last week I attended the VRM West Coast Workshop and one of the many impressive folks I met there was Joe Andrieu of Switchbook. In a recent blog post, Joe describes the The Identity Quartet – the key services that allow user to express their identity in online services. It’s one of the most clear descriptions of the identifier issues I’ve read. Joe even makes the point:

The Identity Quartet pattern isn’t rocket science. In fact, it makes things simpler when it comes to security, maintenance, and user control. The Quartet makes systems more flexible and more secure while giving users more freedom to manage how they interact and present themselves online. It is one way to turn user-centric Identity services of OpenID and Information Cards into truly user-driven Identity.